Newbie questions answered Part 1

cheeseman222

Before I post this I just want to clarify I didn't write it. Some guy who calls himself Wang did. This is part one of eight, I think, so if anyone is interested in more I can post them over an eight week period or something. I'll make this two posts as well because of the 10000 character maximum. This should answer a lot of questions people have and I found it very useful, so here it is:

Topics covered

What do I need to begin?
What are some good Websites?
What programming languages should I learn?
What is Telnet?
What is an IP address?
How do I find out my IP address?
What is IP spoofing?
What is a trojan/worm/virus/logic bomb?
What is PGP?
What is Unix?
How do I know if I telnet to a Unix system?
What is a shell account?
Where can I get a shell account?
How can I crack Unix account passwords?
What is a shadowed password?


What do I need to begin?

Well, most text files would probably disagree with this, but I think Windows 9x is as good as any other OS for getting started. Most people will tell you to go away and not come back until you have Unix or Linux, but that's really flinging you in at the deep end. In this file I will focus mostly on Windows 95 but I will mention Unix a bit later on.

Here's what you will probably need:

An OS (Operating system, could be DOS (?), Windows, Unix, Linux, BeOS etc.)
A lot of text files (This is a good start)
A selection of good web sites
A web browser (I use Netscape, but IE is as good as any)
An IRC client (IRC = Internet relay chat...well, this isn't really essential - but it's a laugh!)
Telnet (or similar)
Small knowledge of programming in some language

--------------------------------------------------------------------------------

What are some good websites?

Here are a few that have helped me out in the past: -

www.happyhacker.org - This is great! If you really want to learn to be a hacker then you have to visit this website. They teach you how to hack without breaking the law (Yes, it is possible). Check out the "Guides To Mostly Harmless Hacking" which focus on every aspect of hacking you could imagine.

www.theargon.com - A site about security and hacking, it features lots of good sections of different aspects.

www.Cyberarmy.com - A nice site with a list of proxies, wingates etc. and a great selection of information tools.

www.securify.com/packetstorm - PacketStorm is a huge security archive which is updated every day - it rocks.

www.Antionline.com - Cool site for learning about exploits etc. and you can perform a security analysis of yourself.

www.phrozencrew.org.uk - A UK phreaking group providing information on BT payphones and Nokias.

www.swateam.org - Home of the Swat team E-zine - a great mix of hacking/phreaking/anarchy.


--------------------------------------------------------------------------------

What programming languages should I learn?

Some good languages to look at are:

C (or C++)

Perl

Pascal

Delphi

Visual Basic

Personally, I started off just having a peek at QBasic, then I moved on to VB and Pascal, then Delphi, and finally Perl and C. That's probably not the best order to learn them in, but it's really what suits you.

I use:

Borland C++ Builder 5
Borland Delphi 3 Professional
Microsoft Visual Basic 5 Professional
Turbo Pascal 7
Active Perl for windows
Perl 5 for Linux


--------------------------------------------------------------------------------

What is Telnet?

Telnet is a program that allows you to connect to other computers using ports. Every computer/server has ports, the most common ones you would see when using telnet are:

Port 21: FTP

Port 23: Telnet

Port 25: SMTP (Mail)

Port 37: Time

Port 43: Whois

So, for example, you could tell Telnet to connect to mail.virgin.net on port 25. This would connect you to Virgin's mail server.

Telnet really is essential, and it's a great information tool as well.


--------------------------------------------------------------------------------

What is an IP address?

An IP address is a unique number which is given to you when you use your modem to connect to the internet. No two people can have the same IP address at one time, and your IP address changes every time you connect. An IP address looks like this: 198.164.32.123. Usually, the first 6 numbers will be the same every time you connect because they tell us what Internet service provider you are using (For example, 198.164 is the standard beginning for a Virgin.net IP address). The last 5 numbers are unique to you. Believe it or not, people can find out absolutely tons of stuff about you just from seeing your IP address. You also probably don't realise that your IP address is logged practically every time you do anything on the net. This happens so that if you do something you shouldn't be (being an evil Haxor for instance!) the people who logged your IP can contact your Internet service provider and get you thrown off the net. The other bad thing about IP addresses is the misuse that people can do with them. If someone on IRC gets hold of your IP address (that's easy by the way, there is a command /dns which gives them anyone's IP) they can type it into a nuke program and crash your connection or even your computer. Recently, IP addresses have also been used in a lot of trojan programs such as Back Orifice and Netbus.


--------------------------------------------------------------------------------

How do I find out my IP address?

In windows, go to the start menu and choose run, then type in "Winipcfg".

In mIRC, connect to a server then type /dns <your nick> (that should work unless they have an IP cloaking device)

In Unix, if you use unix then you should already know how to get your own IP!


--------------------------------------------------------------------------------

What is IP Spoofing?

This is the art of hiding your real IP address, and making it look like you have a different one. Please see "What are Wingates?" for a few examples.


--------------------------------------------------------------------------------

What is a trojan/worm/virus/logic bomb?

This is excerpted from: Computer Security Basics by Deborah Russell and G.T. Gangemi Sr.

Trojan: An independent program that appears to perform a useful function but that hides another unauthorized program inside it. When an authorized user performs the apparent function, the trojan horse performs the unauthorized function as well (often usurping the privileges of the user).

Virus: A code fragment (not an independent program) that reproduces by attaching to another program. It may damage data directly, or it may degrade system performance by taking over system resources which are then not available to authorized users.

Worm: An independent program that reproduces by copying itself from one system to another, usually over a network. Like a virus, a worm may damage data directly, or it may degrade system performance by tying up system resources and even shutting down a network.

Logic Bomb: A method for releasing a system attack of some kind. It is triggered when a particular condition (e.g., a certain date or system operation) occurs.


--------------------------------------------------------------------------------
What is PGP?

This is excerpted from: PGP(tm) User's Guide Volume I: Essential Topics by Philip Zimmermann

PGP(tm) uses public-key encryption to protect E-mail and data files. Communicate securely with people you've never met, with no secure channels needed for prior exchange of keys. PGP is well featured and fast, with sophisticated key management, digital signatures, data compression, and good ergonomic design.

Pretty Good(tm) Privacy (PGP), from Phil's Pretty Good Software, is a high security cryptographic software application for MSDOS, Unix, VAX/VMS, and other computers. PGP allows people to exchange files or messages with privacy, authentication, and convenience. Privacy means that only those intended to receive a message can read it. Authentication means that messages that appear to be from a particular person can only have originated from that person. Convenience means that privacy and authentication are provided without the hassles of managing keys associated with conventional cryptographic software. No secure channels are needed to exchange keys between users, which makes PGP much easier to use. This is because PGP is based on a powerful new technology called "public key" cryptography.

PGP combines the convenience of the Rivest-Shamir-Adleman (RSA) public key cryptosystem with the speed of conventional cryptography, message digests for digital signatures, data compression before encryption, good ergonomic design, and sophisticated key management. And PGP performs the public-key functions faster than most other software implementations. PGP is public key cryptography for the masses.


--------------------------------------------------------------------------------

What is Unix?

Unix is an Operating system (just like Windows is an operating system), it is the most powerful, hacker-friendly operating system available. UNIX happens to be a multi-user-multi-tasking system, thus bringing a need for security not found on MSDOS, Windows etc. It uses the programming language C.


--------------------------------------------------------------------------------

How do I know if I telnet to a Unix system?

Ok, let me tell you how a unix system might greet you if you connected to it. First, when you call up a UNIX, or connect to one however you do, you will usually get this prompt:

login:

*Note: If you get the prompt "Logon:" it probably ISN'T Unix.

That means that this is PROBABLY a Unix system. Some Unix systems will tell you what they are or give you a message before a login: prompt, as such:

Welcome to SHUnix. Please log in.

login:

Or something like that. Ok, we are at the login prompt, now you need to enter in a valid account. An Account usually consists of 8 characters or less. After you enter in an account, you will probably get a password prompt of some sort. The prompts may vary, as the source code to the login program is usually supplied with UNIX, or is readily available for free.

Well, The easiest thing I can say to do to login is basically this:

Get an account, or try the defaults. The defaults are ones that came with the operating system, in standard form. The list of some of the Defaults are as follows:

Account        Default Password
Root           Root
Sys            Sys / System / Bin
Bin            Sys / Bin
Mountfsys      Mountfsys
Admin          Adm / Admin
Uucp           Uucp
Nuucp          Anon
Anon           Anon
User           User
Games          Games
Install        Install
Demo           Demo
Guest          Guest
Daemon         Daemon

The accounts root, mountfsys, umountfsys, install, and sometimes sync are root level accounts, meaning they have total power. Other logins are just "user level" logins meaning they only have power over what files/processes they own.


--------------------------------------------------------------------------------

What is a shell account?

Taken from Happy Hackers GTMHH beginners series #1

A shell account allows you to use your home computer as a terminal on which you can give commands to a computer running Unix. The "shell" is the program that translates your keystrokes into Unix commands. With the right shell account you can enjoy the use of a far more powerful workstation than you could ever dream of affording to own yourself. It also is a great stepping stone to the day when you will be running some form of Unix on your home computer.


--------------------------------------------------------------------------------

Where can I get a shell account?

Well, you can buy them from places (try doing a search on the internet) or you may even be able to get one free! Try www.freeshell.com or doing a search for 'Free Shell'. In my experience, it's best to pay for a shell - that way you won't have any restrictions etc. All of the free shells I have seen disable the 'Telnet' command until you start paying for the shell.


--------------------------------------------------------------------------------

How can I crack Unix account passwords?

Well, the best bet is to try to get an account on the system (like your free shell account!) or try to log in as a visitor or a guest. You can then get the password file, which is stored in standard Unix systems as:

/etc/passwd.

Each line in a passwd file is a different account, here is what a line will mean:

userid:password:userid#:groupid#:GECOS field:home dir:shell

Each section of the line is separated by a ":", here are the sections:

userid = the userid name, entered at login and can be a name or a number.

password = the password is written here in encrypted form. The encryption is one way only. When a login occurs the password entered is run thru the encryption algorithm (along with a salt) and then contrasted to the version in the passwd file that exists for the login name entered. If they match, then the login is allowed. If not, the password is declared invalid.

userid# = a unique number assigned to each user, used for permissions

groupid# = similar to userid#, but controls the group the user belongs to. To see the names of various groups check /etc/group

GECOS FIELD = this field is where information about the user is stored. Usually in the format full name, office number, phone number, home phone. Also a good source of info to try and crack a password.

home dir = is the directory where the user goes into the system at (and usually should be brought to when a cd is done)

shell = this is the name of the shell which is automatically started for the login

So, seems quite straightforward, get the passwd file, get the encrypted text in the password field, and then run it through a cracker (by the way, get a program called "CrackerJack" for this - or "John the Ripper")

Seems a little simple doesn't it? Wrong! Very rarely will you ever find a password file with the password field like that. Onto the next section:


--------------------------------------------------------------------------------

What is a shadowed password?

A shadowed password is when, in a unix passwd file, instead of the encrypted password being shown in the password field, a single character will be shown (usually an X or a *). This tells the comp that the password file is actually stored somewhere else, probably where normal users can't go. You may be able to find the Unshadowed backup file though:

[The following list of likely places to find the unshadowed backup is available from the "Hack FAQ" written by Voyager.]

Unix                   Path needed                      Token
----------------------------------------------------------------------
AIX 3                  /etc/security/passwd             !
   or                  /tcb/auth/files/<first letter    #
                           of username>/<username>
A/UX 3.0s              /tcb/files/auth/?/               *
BSD4.3-Reno            /etc/master.passwd               *
ConvexOS 10            /etc/shadpw                      *
ConvexOS 11            /etc/shadow                      *
DG/UX                  /etc/tcb/aa/user/                *
EP/IX                  /etc/shadow                      x
HP-UX                  /.secure/etc/passwd              *
IRIX 5                 /etc/shadow                      x
Linux 1.1              /etc/shadow                      *
OSF/1                  /etc/passwd[.dir|.pag]           *
SCO Unix #.2.x         /tcb/auth/files/<first letter    *
                           of username>/<username>
SunOS4.1+c2            /etc/security/passwd.adjunct     ##username
SunOS 5.0              /etc/shadow
                       <optional NIS+ private secure
                       maps/tables/whatever>
System V Release 4.0   /etc/shadow                      x
System V Release 4.2   /etc/security/* database
Ultrix 4               /etc/auth[.dir|.pag]             *
UNICOS                 /etc/udb



Here is what a shadowed password file will look like:

arif:x:1569:1000:Mohd Arif Khan:/udd/arif:/bin/ksh

arigo:x:1570:1000:Ryan Randolph:/udd/arigo:/bin/ksh

aristo:x:1573:1000:M. Aristo Setiawan:/udd/aristo:/bin/ksh

armando:x:1577:1000:Armando Huis:/udd/armando:/bin/ksh

arn:x:1582:1000:Arn mett:/udd/arn:/bin/ksh

arne:x:1583:1000:arne banan:/udd/arne:/bin/ksh

aroon:x:1585:1000:Aroon Thakral:/udd/aroon:/bin/ksh

arozine:x:1586:1000:Igor Berg Mogielnicki:/udd/arozine:/bin/bash

arranw:x:1588:1000:Arran Whitaker:/udd/arranw:/bin/ksh

(and endless more)

Notice those X's? That tells you the password is shadowed. So, find out what Unix system it is, find the shadowed password file, and if you can get to it save it and crack it.

End Volume One
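
Added example, not part of the original post: a small administrator-side audit of the seven-field passwd format described above, flagging entries whose password field is not shadowed, is empty, or that share UID 0 with root. The sample lines, the finding texts and the function names are constructed for illustration; the placeholder tokens are the ones listed in the table above.

```python
from collections import namedtuple

# Field order follows the post: userid:password:userid#:groupid#:GECOS:home dir:shell
Entry = namedtuple("Entry", "userid password uid gid gecos home shell")

# Placeholder tokens from the table above meaning "the hash is stored elsewhere"
SHADOW_TOKENS = {"x", "*", "!", "#"}

def parse_passwd_line(line):
    """Split one passwd line into its seven colon-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 7:
        raise ValueError("expected 7 fields, got %d" % len(parts))
    return Entry(parts[0], parts[1], int(parts[2]), int(parts[3]), *parts[4:])

def audit(lines):
    """Return (userid, finding) pairs for entries an admin should fix."""
    findings = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and comments
        try:
            e = parse_passwd_line(line)
        except ValueError as err:
            findings.append((line.split(":")[0], "malformed: %s" % err))
            continue
        if e.password == "":
            findings.append((e.userid, "empty password field"))
        elif e.password not in SHADOW_TOKENS and not e.password.startswith("##"):
            # Anything else is treated as a hash readable by every local user
            findings.append((e.userid, "hash exposed in world-readable passwd"))
        if e.uid == 0 and e.userid != "root":
            findings.append((e.userid, "extra UID 0 account"))
    return findings

# Constructed sample input (not taken from a real system)
SAMPLE = [
    "root:x:0:0:Super User:/root:/bin/sh",
    "alice:x:1001:100:Alice Example:/home/alice:/bin/ksh",
    "bob:CONSTRUCTEDhash1:1002:100:Bob Example:/home/bob:/bin/ksh",
    "guest::1003:100:Guest:/home/guest:/bin/sh",
    "toor:x:0:0:Second root:/root:/bin/sh",
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print("%-8s %s" % (user, finding))
```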
thanks for the help

I just really started getting into computers, and have learned a lot in the past year but not enough. I read the help you posted and I learned a lot from it. If you have anything else or recommend anything, please reply. Thanks.